Written by Dave Abrams
21 Mar 2024

Document Shredding in the Healthcare Industry

When is the last time you really thought about your shredding program? In the grand scheme of waste streams within a hospital, shredding is often overlooked. Healthcare professionals are very aware of the risks of needlesticks or the mishandling of medical waste, but the risk of a data breach is just as important.

In such a highly regulated industry, liability lurks around every corner, and the proper handling of protected health information (PHI) is exceptionally important. It’s time to take a closer look at secure and compliant document destruction in healthcare.


1 / What laws govern PHI confidentiality?

2 / What are the consequences of a data breach?

3 / How shredding partners support compliance

4 / Secure document destruction is a necessity 

What laws govern PHI confidentiality?

The Health Insurance Portability and Accountability Act (HIPAA) was established in 1996 to protect how patients’ health information can be used and disclosed. It applies to all healthcare providers, health plans, and healthcare clearinghouses that transmit or generate health information, regulating the confidentiality of PHI and the secure destruction of any physical or digital data.

A data breach can put an organization at risk of violating HIPAA if PHI is exposed, and any violations are subject to fines up to $1.5 million per instance. Within HIPAA, the Security Rule is the administrative, technical, and physical safeguards to protect the privacy of PHI in any form.

In addition to HIPAA, the Fair and Accurate Credit Transactions Act (FACTA) ensures accuracy and privacy of consumers’ financial information and requires effective policies in the workplace to secure destruction of consumer information to prevent identity thefts and unauthorized access to the information. The law requires creditors and reporting agencies to protect consumers' identifying information. Violations can result in civil lawsuits, state fines of $1,000, and federal fines of $2,500 per violation/piece of paper.

What are the consequences of a data breach?

The US Department of Health and Human Services (HHS) has clearly defined regulations about data breaches and reporting. According to HHS, 541 breaches were reported in 2023. In just 11 of those breaches, 70.3 million individuals were impacted.

It is necessary to ensure HIPAA compliance to prevent unauthorized access to sensitive material, ensure confidential protection of patients, mitigate risk, and stay compliant with regulations. The risk of a data breach can threaten not just confidential patient data but also tarnish the entire healthcare system.

Given the severe ramifications of a data breach in the industry, entities need to take routine and consistent actions to help ensure the safety of protected patient information.

A vast number of healthcare organizations do not have effective programs in place to protect confidential information, any many do not conduct routine risk assessments of their existing programs. It is the responsibility of the healthcare industry to provide complete patient care, and that includes protecting their most sensitive information.

How shredding partners support compliance

On a day-to-day basis, any document printed or generated within the healthcare setting is almost guaranteed to contain some form of protected information. To protect patients and themselves organizations must implement procedures to regulate proper paper document control and destruction. The most effective way to handle these needs is to turn to a certified shredding service program.

A shredding partner will be able to ensure security and compliance through a convenient program. Professional partners are certified and operate within all HIPAA regulations, providing:

  • Industry specific secure shredding containers
  • A documented and routine collection schedule for all confidential material
  • Destruction of material within industry guidelines
  • A Certificate of Destruction (CoD) to support any compliance audits

The CoD includes chain of custody, date and time of destruction, location, and witnesses of destruction.

In addition to the core program, a shredding partner can provide bulk clean outs, hard drive/media destruction, service reporting & tracking, container inventory, and recycling sustainability initiatives, as well as driving efficiencies across the healthcare system.

Secure document destruction is a necessity

A document destruction program with a focus on HIPAA compliance is a necessity of any healthcare system to sustain patient privacy. Implementing a shredding program with a HIPAA compliant partner will enhance the security of sensitive material, maintain compliance with privacy laws, ensure proper destruction, avoid costly fines, maintain patient care at all levels, and protect the hospital’s image.

Document destruction is not just about being mindful of federal legislation but protecting the patients we are entrusted to care for. 




Header Style: 
Dave Abrams

Dave Abrams

Business Development Manager of Shredding

Having spent 15 years working in various aspects of healthcare sales across the US, Dave has driven product and service launches, built strategic relationships, facilitated new business growth, placed a priority on compliance, developed those around him, and driven efficiencies, bringing a unique mindset to document destruction management at Daniels Health.